Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tdmY2LWh3eGgtN3Y3Ns4AA6Eg

Information leakage in YAQL

YAQL before 3.0.0 is used in Murano, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.

Permalink: https://github.com/advisories/GHSA-mvf6-hwxh-7v76
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tdmY2LWh3eGgtN3Y3Ns4AA6Eg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 2 months ago
Updated: about 2 months ago


Identifiers: GHSA-mvf6-hwxh-7v76, CVE-2024-29156
References: Blast Radius: 0.0

Affected Packages

pypi:yaql
Dependent packages: 10
Dependent repositories: 82
Downloads: 85,225 last month
Affected Version Ranges: < 3.0.0
Fixed in: 3.0.0
All affected versions: 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 2.0.0, 2.0.1
All unaffected versions: 3.0.0